Please do not apply these patches. These are part of tests I made for the IPsec workshop at the upcoming netdev 1.2 and I wanted to post these before the conference.
Short version is that there appear to be no major scalability issues anymore without flow cache. Performance hit can be up to 30% in my tests (with 64 byte packets), however without flow cache we also avoid some undesirable effects when flow cache is constantly overloaded. Seems most of the extra cost is mainly because of extra xfrm dst init/destruction (and not e.g. due to policy lookup).

Let's discuss more at the workshop.

Thanks,
Florian